Password Recovery Secrets of Professionals
It’s a common story. You’ve inherited a Windows server without documentation. The last Administrator is long gone and no one knows the password. This goes unnoticed until the organization needs to make a change, and suddenly everyone is scratching their heads and looking at the guy next to them saying “…I thought you had the password…”

An indispensable part of any sysadmin toolkit is a Windows password reset tool. Fortunately, the Carroll-Net Server Recovery Kit includes just such a tool: chntpw. Be clear about what it does and does not do. chntpw cannot recover the old password, which Windows stores in the SAM registry hive only as a hash. Instead it rewrites that hash while Windows is not running, either blanking it or setting a new one, which is all you need to get back in.
The procedure to reset a password is straightforward:
1. Reboot the server with the Carroll-Net Server Recovery Kit (CnSRK)
2. Mount the Windows filesystem
3. Open a terminal and change to the folder with the SAM registry hive
4. Run chntpw, reset the password and save your changes
5. Remove the CnSRK and reboot
Step 1 – Reboot the server with the CnSRK
The CnSRK is a LiveCD. If this is your first exposure to one: insert the CD (or thumb drive), make sure the server’s firmware will boot from removable media before the local disk, and reboot the server. The CnSRK will then boot instead of Windows.
Step 2 – Mount Windows Filesystem
There are several ways to connect to the Windows filesystem. The simplest is to click ‘Places’ on the tool-bar and then select the named partition from the list. After a brief delay, an Explorer window will open showing the list of files.

Take careful note of the path. You’ll need it in the next step.

Two things can stop this step. The volume has to be mounted read-write, because chntpw writes the hive back in place; if Windows was hibernated (or shut down with fast startup enabled) the NTFS volume is left dirty and ntfs-3g refuses to mount it read-write, so boot Windows and shut it down fully before trying again. And if the volume is protected with BitLocker it will not mount at all without the recovery key. That is the control that stops this procedure being run against a server by anyone who can get a CD into it.
Step 3 – Open a terminal and change to the folder with SAM
Click ‘Applications’ → ‘Accessories’ → ‘Terminal’
In the newly opened terminal, type the following command (all on one line):
cd /media/{path-from-previous-step}/Windows/System32/config
The Linux mount is case-sensitive, so type the folder names exactly as the Explorer window shows them; on Windows XP the folder is WINDOWS/system32/config rather than Windows/System32/config.
Step 4 – Run chntpw
sudo chntpw -i SAM
The -i switch lists the accounts in the hive and then prompts for the one to change; chntpw needs root (hence sudo) to write the hive back. What follows are the screens you will see.
<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: <SAM>

  1 - Edit user data and passwords
  2 - Syskey status & change
  3 - RecoveryConsole settings
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)

What to do? [1] ->
Main Menu. To change the password, type 1 and press Enter.
===== chntpw Edit User Info & Passwords ====

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ed | ASPNET                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ee | Mikey                          |        |          |

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator]

Select which account to reset the password for. Press Enter to accept the default ‘Administrator’, or type the account name. The RID column is the account’s relative identifier in hex (01f4 is 500, which is always the built-in Administrator), and ‘dis/lock’ in the last column means the account is currently disabled or locked out.
RID     : 0500 [01f4]

Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir :

User is member of 1 groups:
00000220 = Administrators (which has 2 members)

Account bits: 0x0211 =
[X] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

Failed login count: 0, while max tries is: 0
Total  login count: 4

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] >
Display account details and choose an action. The account bits are the flags Windows stores for the account in the SAM; 0x0211 here decodes to Disabled (0x0001), Normal account (0x0010) and Pwd don’t expire (0x0200), which are exactly the three boxes ticked above.

The simplest action is to ‘Clear’ the password (option 1). This blanks the password and lets you log on at the console without one; you then use the regular Windows tools to set a proper password during the next boot. Two caveats. First, the account in this screen is also disabled ([X] Disabled, and ‘dis/lock’ in the user list), so clearing the password alone is not enough: run option 4 as well to unlock and enable it. Second, resetting a local password from outside Windows, rather than changing it from inside, invalidates everything protected with the old password through DPAPI, so that user’s EFS-encrypted files, saved credentials and certificate private keys will no longer open. Windows also limits blank-password accounts to console logon by default, which is fine here since you will be at the keyboard.

Type 1 and press Enter to clear the password.
Password cleared!

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator]

Success confirmation. Type an exclamation point ‘!’ to return to the main menu, then type ‘q’ at the main menu to exit and save.
Hives that have changed:
 #  Name
 0  <SAM>
Write hive files? (y/n) [n] :

Last chance to abort changes. The default is n, which discards everything you did in this session; to commit, type ‘y’ and press Enter. chntpw writes the hive back in place, so if you want an undo path, copy SAM somewhere safe before you answer y.
Step 5 – Remove the CnSRK and Reboot
Click the Reboot icon (top right corner). Remove the CnSRK and bring the server up normally. At the logon screen, log on as Administrator with an empty password and set a new one straight away (Ctrl+Alt+Del and ‘Change a password’, or net user Administrator * from an administrative command prompt).
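The terminal part of the walkthrough (steps 3 and 4) as one script, added here as an example; it is not code from the original page or from the Carroll-Net kit. It assumes a LiveCD with GNU find, ntfs-3g and chntpw, and takes the mount point from step 2 as its first argument. The script name reset-local-admin.sh, the function names and the backup naming are this example’s own choices; chntpw -l (list accounts) and chntpw -u <user> (edit one account) are chntpw’s own switches.

```shell
#!/bin/sh
# Added example, not from the original page or the Carroll-Net kit: steps 3
# and 4 of the walkthrough as a script run from the LiveCD terminal. It finds
# the SAM hive whatever the directory-name case, checks the volume is mounted
# read-write, keeps a copy of the hive, then hands off to chntpw.

# Locate the SAM hive below a mount point. Windows XP uses WINDOWS/system32,
# Vista and later use Windows/System32, and a Linux mount is case-sensitive,
# so match the path case-insensitively rather than hard-coding one spelling.
# Prints the hive path and returns 0, or prints nothing and returns 1.
find_sam_hive() {
    mnt=${1%/}
    find "$mnt" -maxdepth 4 -type f -ipath '*/windows/system32/config/sam' \
        2>/dev/null | head -n 1 | grep .
}

# chntpw writes the hive back in place, so the volume must be mounted
# read-write. A hibernated or fast-started Windows leaves NTFS dirty and
# ntfs-3g then refuses a read-write mount; the fix is a full Windows shutdown,
# not forcing the mount. The probe file name is this example's own.
mount_is_writable() {
    probe="${1%/}/.chntpw-rw-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    return 1
}

# Keep a dated copy of the hive before chntpw rewrites it, so the change can
# be undone from the LiveCD by copying the backup back over SAM.
backup_hive() {
    hive=$1
    backup="$hive.bak-$(date +%Y%m%d%H%M%S)"
    cp "$hive" "$backup" && printf '%s\n' "$backup"
}

# Reset one local account. 'chntpw -l' lists the accounts in the hive and
# 'chntpw -u <user>' opens the User Edit Menu from the walkthrough for that
# account: 1 blanks the password, 4 enables a disabled account, q then y
# writes the hive. The default account is Administrator.
reset_user() {
    hive=$1
    user=${2:-Administrator}
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo)" >&2; return 1; }
    chntpw -l "$hive"
    chntpw -u "$user" "$hive"
}

main() {
    mnt=$1
    user=${2:-Administrator}
    hive=$(find_sam_hive "$mnt") || { echo "no SAM hive under $mnt" >&2; return 1; }
    mount_is_writable "$mnt" || { echo "$mnt is mounted read-only" >&2; return 1; }
    backup_hive "$hive" >/dev/null || return 1
    reset_user "$hive" "$user"
}

# Usage: sudo sh reset-local-admin.sh /media/{mount-point} [account]
if [ $# -gt 0 ]; then
    main "$@"
fi
```

The chntpw call at the end is still interactive: it drops you into the same User Edit Menu shown above. Everything before it is the checking a practitioner otherwise does by hand: the hive is found regardless of directory-name case, a read-only mount is caught before chntpw fails part-way through writing, and a dated copy of SAM is kept so the change can be reverted from the LiveCD.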
Download your free copy of the Carroll-Net Server Recovery Kit
http://www.kleobackup.net